Accepting credit cards is a necessity for today’s retailers, whether they conduct business through brick-and-mortar stores or e-commerce websites. But when cardholder data is the target of malicious activity or theft, it impacts every organization and stakeholder in the credit card processing system, including merchants, service providers, financial institutions, point-of-sale vendors, hardware/software developers and customers.
To help protect payment card transactions and cardholder data, all card brands require companies that process payment card data to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS). This baseline standard of operational controls and technical security requirements was designed to protect payment card transactions and cardholder data from malicious activity and theft.
PCI security must be continuous
Many companies believe that demonstrating PCI DSS compliance once a year is sufficient. It is not. Retailers and other credit card processors must take steps to ensure PCI security is continuous and ongoing. Safeguards and controls must be in place at all times to protect the security of both payment card data and your business.
If your company is involved in credit card processing, Tenable offers a comprehensive security resource that performs PCI vulnerability scanning to continuously monitor and assess PCI security and helps demonstrate ongoing compliance with PCI DSS.
“The support alone earns my recommendation. While it’s difficult to quantify security ROI for any distributed and highly complex IT environment, we can see results everywhere.” Shan Lee, Head of Information Security,
Meet all internal and external PCI vulnerability scanning requirements
With Tenable, users can meet both internal and external vulnerability scanning requirements for PCI (PCI DSS 11.2). All Tenable products can perform internal vulnerability scanning of cardholder data and retail locations, including all versions of Nessus, the world’s most widely deployed vulnerability scanner (Professional, Manager and Cloud), SecurityCenter and SecurityCenter Continuous View (CV). Nessus Cloud can be used to meet the external scanning requirements of PCI DSS.
With SecurityCenter CV, retailers and service providers can comply with additional PCI DSS requirements, including logging and monitoring all systems and events, with automated review to quickly detect suspicious events (PCI DSS 10.5 - 10.8). Users can also comply with requirements regarding change detection notification, including setting up alerts when applications, files, or system objects are changed (PCI DSS 11.5).
SecurityCenter CV also provides continuous compliance monitoring for PCI DSS, combining PCI vulnerability scanning, centralized logging and log review, change detection notification and centralized intelligence through purpose-built dashboards, reports and Assurance Report Cards (ARCs). It delivers the continuous visibility, critical context and actionable intelligence you need to monitor all required PCI technical controls and maintain ongoing PCI DSS compliance.
Continuously Monitor, Measure and Report PCI Compliance
Whitepaper: How to Enable PCI DSS Continuous Compliance
Many companies view PCI security as a once-a-year project. However, taking a minimalistic approach to PCI DSS compliance shows only that a company meets its requirements at one point in time. According to the 2016 Verizon Data Breach Investigations Report, “89% of breaches had a financial or espionage motive,” and “the time to compromise is almost days or less, if not minutes or less.” Therefore, securing cardholder data requires continuous and uninterrupted PCI security and compliance.
Tenable helps retailers, merchants and other credit card processors meet all PCI vulnerability scanning requirements, both internal and external. All Tenable products – Nessus Professional, Nessus Manager, Nessus Cloud, SecurityCenter and SecurityCenter Continuous View (SecurityCenter CV) – can perform PCI internal vulnerability scanning. External scanning can be performed with Nessus Cloud, the company’s PCI Certified ASV service.